
Distribution Statement A: Approved for public release; DOPSR Case # 20-S-1782 applies. Distribution is unlimited.

Security and Access

Results

Developing quantitative measures, implementing metrics monitoring and decision support tools to reduce acquisition risk.

Design

Fabrication

Packaging

V&V

Risk Assessment and Metrics

OUSD R&E Trusted & Assured Microelectronics Program

POC: Dr. Matthew Casto, T&AM Program Director, [email protected]

Risk Assessment and Metrics

Background

Results and Impact

Approach

“Data collection and analysis methods must be developed and applied along the entire lifecycle, in a manner that does not introduce significant throughput impact or prohibitive cost penalties, in order to effectively counter security threats that include malicious insertion, fraudulent products, theft of IP, and quality and reliability failures.” – Dr. Lisa Porter, DUSD R&E, ERI Summit 2019

The supply chain for Commercial off the Shelf (COTS) microelectronics used in DoD systems often includes overseas components

Risk Assessment and Metrics uses data as a foundation for assessing risk in the microelectronics lifecycle. It is a cross-cutting activity to identify data driven comprehensive metrics for Quantifiable Assurance (QA).

US Cyber Command said today that foreign state-sponsored hacking groups are likely to exploit a major security bug disclosed today in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks.

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

Obscure & Undetected: Hacking Into Hardware of Mission-Critical Infrastructure Using Side-Channel Attacks

Data Collection

Identifying and collecting applicable data

Mathematical Modeling

Conduct quantifiable assurance assessment

Integrated Demonstration into Practice

Integrating models and metrics into real world applications

Impact

Verification that the device or system reliably functions as intended with the specified provenance.

[Figure: diagram with blocks labelled Model, Data and Risk Assessment and a "Pass?" decision]

Image credits: OUSD R&E T&AM, McLek/Shutterstock, ExtremeTech, Forbes / Global Foundries, ES Components, Projectride.net, O’Reilly, Digital Design, Wikipedia, chipsetc, Bosch wafer fab, npowert, dreamstime, sciencestockphotos, notebookcheck

Recent News Articles

DUSD – Deputy Undersecretary of Defense, R&E – Research and Engineering, ERI – Electronics Resurgence Initiative

RC – Resistance Capacitance, SIM – Simulation, EMU – Emulation, FE – Front End, BE – Back End, EM – Electromagnetic

Electronics as a Strategic Issue

Program is enabling the move to the Quantifiable Assurance methodology that increases both access and supply security of custom DoD electronics

The supply chain for COTS microelectronics used in DoD systems often includes overseas suppliers, increasing risk to the supply chain

• Risks similar for the broader national security community, banking, critical infrastructure, etc.

Increasing dominance of Asia in microelectronic component manufacturing potentially increases supply chain risk

Significant microelectronic challenges represent a strategic, national-level use

DoD Trusted & Assured Electronics Issue

COTS Electronics Trust & Assurance (DoD & Beyond)

Source: SIA (https://www.semiconductors.org/)

Typical semiconductor production process spans multiple countries: 4+ countries, 4+ states, 3+ trips around the world, 100 days production time

Beyond Borders: Semiconductors are a Uniquely Global Industry